I've recently been noticing some "odd" behavior from my ISP's DNS server when resolving non-existent domain. It's been causing me some problems and I was wondering if these DNS servers are actually conforming to the standard.
It started with them adding the feature that if you request an incorrect domain, it directs you to a search page that they run. I guess this is useful for some people when web browsing, but it borks things up for other applications particularly if the search server has some other open ports such as SMTP.
To get round this, I changed preferences with my ISP to turn this feature off. Now my ISP's DNS does something lot stranger. When a domain can not be found, it returns MY own IP address as the A name for that non-existent domain. So now if I click a link which no-longer exists, it bounces me to my own home page (run through the same Internet connection).
I'm trying to understand why being bounced to my own IP address would ever be useful. More to the point, is this the standard or are they breaking the standard for some purpose best known to themselves?
Yes, your ISP is breaking the standard, but it is a common occurrence these days. Your ISP's DNS servers should be returning a
NXDOMAIN
response, or "Non-existent Domain".If they are unable to do this, I would look at using external DNS servers like Google or OpenDNS, or running your own internal caching/resolving servers for your clients.
A note on OpenDNS, I believe you have to sign up for a business account to turn off NXDOMAIN redirection.
No. You should get NXDOMAIN ( http://dnsknowledge.com/whatis/nxdomain-non-existent-domain-2/ ) when a domain does not exists in authoritative dns server. An example:
Google does return NXDOMAIN
Have you tried using your own DNS server (BIND caching dns server)? The best way to track this issue is to run dig command or better use the tcpdump command. The following will trace the delegation path from the root name servers to verify that you are getting correct data from your own authoritative dns servers:
I am not sure what the RFC is regarding this. However Window DNS returns a timeout.
However google returns the Domain name back with no answer.
That's ... wait, what?
You really should be getting NXDOMAIN for any domain that doesn't exist.
Wildcard results on domains that don't exist are a reality these days - unfortunate as that may be. But returning the requesting IP as a wildcard... that doesn't make any sense. I've also never seen Google do anything like that.
Do you have the output of
dig
ornslookup
that you can share to clarify what's going on?Alternatively, are you willing to share the IP of your ISP's DNS server, or perhaps their name? I'd love to see this in action, because it makes no sense at all. I can't think of any reason why the behavior you're describing would exist.